General

  • Target

    c56828f7b3f57c025090ae6712e86ae4

  • Size

    2.9MB

  • Sample

    240313-j7ncvagf3z

  • MD5

    c56828f7b3f57c025090ae6712e86ae4

  • SHA1

    7fe682eca11b9d40c3805e03b95877904fd1bb26

  • SHA256

    aa183243f2e1167205938d27d37a6dab4fcc066affa6e8f819ecfd1659ad0a32

  • SHA512

    514d6f50caaf02e449f45149decb1763a74bceeab7c808a2d1c25ce806add1a5742e3a6018d0a42227402abdb720738b05b0b6c44f41252e2ff7007c9aaab337

  • SSDEEP

    49152:tzsy4dLvjRrd1V6SRBG4N74NH5HUyNRcUsCVOzetdZJ:Sy4dLv1TwSG44HBUCczzM3

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
